A majority of cybersecurity professionals have said that their job functions have changed due to the COVID-19 pandemic, with 90% now working remotely full-time.
According to a survey of 256 cybersecurity professionals by (ISC)2, 81% of respondents, all responsible for securing their organizations’ digital assets, indicated that their job function has changed during the pandemic. The survey, which was conducted this month, also found that 96% of respondents’ organizations have closed their physical work environments and moved to remote work-from-home policies for employees.
Also, 23% said cybersecurity incidents experienced by their organization have increased since transitioning to remote work – with some tracking as many as double the number of incidents. Despite this, 47% of respondents said they have been taken off some or all of their typical security duties to assist with other IT-related tasks, such as equipping a mobile workforce.
One respondent, who chose to remain anonymous, said: “COVID-19 hit us with all the necessary ingredients to fuel cybercrime” including staff working from home before most organizations were ready, panic and desire to ‘know more’ and temptation to visit unverified websites in search of up-to-the-minute information.
The survey also asked respondents to share comments about the challenges they face during the pandemic. Some of the themes that came to light included a lack of hardware to support a larger number of remote workers, the struggle between organizational priorities for quick deployment of remote technology and the commensurate level of security to protect systems, and helping end users understand and abide by security policies outside the office.
One respondent commented: “Security at this point is a best effort scenario. Speed has become the primary decision-making factor. This has led to more than a few conversations about how doing it insecurely will result in a worse situation than not doing it at all.”
Max Vetter, chief cyber-officer at Immersive Labs, said that the news comes as no real surprise. “With workforces transitioning to remote working, security teams have had to contend with a whole new set of problems and threats that many have not had to face before,” he explained.
“This raises the additional complexity of security professionals having to potentially learn new skills or how to handle new situations in a remote environment. This is a new situation for many security teams, and an area that traditional training cannot cover. It is important that teams are able to upskill themselves on the most recent threat data to ensure that they are sufficiently battle-tested if a hacker targets their company’s remote workforce or systems.”
David Grout, CTO for EMEA at FireEye, said: “The survey reports about the number of cyber-attacks doubling since the pandemic began, so the security of an organization’s technologies, applications and firewalls/anti-malware can’t slip despite security teams being spread thinly.
“It will also be important to ensure there is an increased awareness of security measures for the remote workers themselves. In particular, those who have not worked from home before will be unsure about best practices to protect themselves and business information.”